Authentication via Kerberos5: Pre-authentication information was

Jens Kutschke j-dimension at gmx.de
Mon Aug 30 05:04:32 EDT 2004 

Hallo,

I'm trying to authenticate users from within a Java application against 
an Active Directory. Therefore I use JAAS from Sun and the contained 
Kerberos5-LoginModule.

For some of the users this works fine, others are rejected with the 
following error:

<stacktrace>

javax.security.auth.login.LoginException: Pre-authentication information 
was invalid (24)
         at 
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Un
known Source)
         at com.sun.security.auth.module.Krb5LoginModule.login(Unknown 
Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at javax.security.auth.login.LoginContext.invoke(Unknown Source)
         at javax.security.auth.login.LoginContext.access$000(Unknown 
Source)
         at javax.security.auth.login.LoginContext$4.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.login.LoginContext.invokeModule(Unknown 
Source)
         at javax.security.auth.login.LoginContext.login(Unknown Source)
         at 
com.aidossoftware.security.auth.orion.UserManager$UserWrapper.authent
icate(UserManager.java:232)
         at com.evermind._ax._ltc(.:417)
         at com.evermind._ax._uab(.:191)
         at com.evermind._bf.run(.:62)
Caused by: KrbException: Pre-authentication information was invalid (24)
         at sun.security.krb5.KrbAsRep.<init>(Unknown Source)
         at sun.security.krb5.KrbAsReq.getReply(Unknown Source)
         at sun.security.krb5.Credentials.acquireTGT(Unknown Source)
         ... 16 more
Caused by: KrbException: Identifier doesn't match expected value (906)
         at sun.security.krb5.internal.af.a(Unknown Source)
         at sun.security.krb5.internal.at.a(Unknown Source)
         at sun.security.krb5.internal.at.<init>(Unknown Source)
         ... 19 more

javax.security.auth.login.LoginException: Pre-authentication information 
was invalid (24)
         at 
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Un
known Source)
         at com.sun.security.auth.module.Krb5LoginModule.login(Unknown 
Source)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at javax.security.auth.login.LoginContext.invoke(Unknown Source)
         at javax.security.auth.login.LoginContext.access$000(Unknown 
Source)
         at javax.security.auth.login.LoginContext$4.run(Unknown Source)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.login.LoginContext.invokeModule(Unknown 
Source)
         at javax.security.auth.login.LoginContext.login(Unknown Source)
         at 
com.aidossoftware.security.auth.orion.UserManager$UserWrapper.authent
icate(UserManager.java:232)
         at com.evermind.server.http.EvermindHttpServletRequest._wwd(.:3298)
         at com.evermind._ay._mae(.:5385)
         at com.evermind._ay._nlc(.:2164)
         at com.evermind._ay._kfe(.:4133)
         at com.evermind._eu._nlc(.:294)
         at com.evermind._ay.getRequestDispatcher(.:921)
         at 
com.evermind.server.http.EvermindHttpServletResponse.sendRedirect(.:1
347)
         at com.evermind._ax._ltc(.:468)
         at com.evermind._ax._uab(.:191)
         at com.evermind._bf.run(.:62)
Caused by: KrbException: Pre-authentication information was invalid (24)
         at sun.security.krb5.KrbAsRep.<init>(Unknown Source)
         at sun.security.krb5.KrbAsReq.getReply(Unknown Source)
         at sun.security.krb5.Credentials.acquireTGT(Unknown Source)
         ... 23 more
Caused by: KrbException: Identifier doesn't match expected value (906)
         at sun.security.krb5.internal.af.a(Unknown Source)
         at sun.security.krb5.internal.at.a(Unknown Source)
         at sun.security.krb5.internal.at.<init>(Unknown Source)
         ... 26 more

</stacktrace>

I can not find any significant or systematic differences between the 
users that are authenticated and the ones that can not be authenticated.

Can anybody explain this effect to me and give hints what I have to fix? 
A post in a java group did not bring answers...

Thanks,
Jens




-- 
Jens Kutschke
http://www.j-dimension.com

More information about the Kerberos mailing list